git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Frederic Lecaille <flecaille@haproxy.com>
	Mon, 4 Aug 2025 16:39:08 +0000 (18:39 +0200)
committer	Frederic Lecaille <flecaille@haproxy.com>
	Mon, 4 Aug 2025 17:30:46 +0000 (19:30 +0200)
commit	91a936da86894f4bab8ecc34aa596e8768aa1542
tree	3a2424cd075532114c11fd31e5834376e1bec5f1	tree
parent	c22e97e8ed1cbe54c99b0157970cb8fdf7e6844a	commit \| diff

MINOR: quic-be: validate the 0-RTT transport parameters

During 0-RTT sessions, some server transport parameters are reused after having
been save from previous sessions. These parameters must not be reduced
when it resends them. The client must check this is the case when some early data
are accepted by the server. This is what is implemented by this patch.

Implement qc_early_tranport_params_validate() which checks the new server parameters
are not reduced.

Also implement qc_ssl_eary_data_accepted() which was not implemented for TLS
stack without 0-RTT support (for instance wolfssl). That said this function
was no more used. This is why the compilation against wolfssl could not fail.

include/haproxy/quic_ssl.h		diff \| blob \| blame \| history
include/haproxy/quic_tp.h		diff \| blob \| blame \| history
src/quic_ssl.c		diff \| blob \| blame \| history
src/quic_tp.c		diff \| blob \| blame \| history
src/ssl_clienthello.c		diff \| blob \| blame \| history